higgsfield-generate

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's setup instructions direct the user to install the higgsfield CLI by downloading a script from the author's GitHub repository and piping it directly to the shell (curl -fsSL https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh | sh). While this originates from the vendor's organization, it is a remote execution pattern.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform all operations, including media generation, model inspection, and product fetching via the higgsfield CLI.
  • [CREDENTIALS_UNSAFE]: The skill explicitly uses higgsfield auth login, which manages API credentials on the user's local system to authenticate requests to the Higgsfield platform.
  • [DATA_EXFILTRATION]: The workflow involves the higgsfield upload create command, which transmits local image, video, and audio files to the vendor's cloud infrastructure for processing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it processes external data.
      • Ingestion points: Untrusted data enters the context via the --url flag in higgsfield marketing-studio products fetch (SKILL.md) and through user-provided prompt strings.
      • Boundary markers: There are no explicit boundary markers or instructions to ignore embedded commands within the fetched URL content or prompt strings.
      • Capability inventory: The skill possesses Bash execution capabilities to run CLI commands across all referenced workflows.
      • Sanitization: No sanitization or validation of the fetched content or interpolated prompt strings is described in the provided files.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/higgsfield-ai/cli/main/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 4, 2026, 03:35 PM